const db = require("../../../../libs/db.config");

module.exports = async (data) => {
    const userID = data;
    // 使用参数化查询，避免 SQL 注入攻击
    const searchSQL = `SELECT userinfo.userName, userinfo.intro, userinfo.photo FROM userinfo WHERE userID = ?`;
    return await db.query(searchSQL, [userID]);
    // const searchSQL = 'SELECT * FROM userinfo WHERE userID = ' + userID;
    // return await db.query(searchSQL);
};